4/26/2007 @ 4:53PM

Googling For Grand Larceny

Seems like everyone uses Google to get what he or she wants. Even Russian cybercriminals. A computer security company announced this week that it had found evidence of would-be thieves trying to use the search engine to help steal bank passwords.

Atlanta-based Exploit Prevention Labs says criminals have been using Google’s AdWords program this month to snoop on Web surfers with the hopes of eventually breaking into their bank accounts. The company says it has evidence of a concerted effort to install “malware” on surfers’ PCs from April 10 through April 24 but that it doesn’t know whether anyone’s bank account has actually been breached.

Here’s how the potential crime was supposed to work: Searches for business- and car-related words produced ads next to search results for legitimate pages like Cars.com and the Better Business Bureau’s Web site. But when users clicked on those ads, Exploit Prevention says they were first redirected to a Russian site called SmartTracker.org. That site would download a program onto the user’s machine before sending them on to their destination site. When users later visited one of a hundred major banking sites the software was designed to target, the program would spy on them using a “post-logger,” a program that inserts fake entry fields into Web sites and records passwords.
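The redirect pattern described above can be checked for from the defender's side. The following is an added example, not part of the original article or any tool from Exploit Prevention Labs: it flags ad click chains that pass through a site that is neither the ad network nor the destination the ad displays. The host names, the `AD_NETWORK_SITES` set and the sample click chains are all constructed for illustration.

```python
from urllib.parse import urlsplit

# Sites expected in any ad click chain (assumed value for this example).
AD_NETWORK_SITES = {"adnetwork.example"}

def site(url):
    """Crude site key: the last two labels of the hostname.
    A real tool would use the Public Suffix List (e.g. for co.uk)."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return ".".join(host.split(".")[-2:])

def unexpected_hops(chain, displayed_url):
    """Return the URLs in a click chain that belong neither to the ad
    network nor to the site the ad claims to lead to."""
    allowed = AD_NETWORK_SITES | {site(displayed_url)}
    return [url for url in chain if site(url) not in allowed]

def audit(clicks):
    """Map ad id -> unexpected hops, for ads that have any."""
    findings = {}
    for ad_id, (displayed_url, chain) in clicks.items():
        hops = unexpected_hops(chain, displayed_url)
        if hops:
            findings[ad_id] = hops
    return findings

# Constructed sample: recorded redirect chains for two ad clicks.
SAMPLE_CLICKS = {
    "ad-1": ("http://www.cars.example/", [
        "http://click.adnetwork.example/r?id=1",
        "http://www.cars.example/",
    ]),
    "ad-2": ("http://www.cars.example/", [
        "http://click.adnetwork.example/r?id=2",
        "http://tracker.example/go?to=cars",  # third-party intermediary
        "http://www.cars.example/",
    ]),
}

if __name__ == "__main__":
    for ad_id, hops in audit(SAMPLE_CLICKS).items():
        print(ad_id, "passes through unexpected site(s):", hops)
```

Legitimate advertisers also route clicks through third-party trackers, so a flagged hop is a candidate for closer inspection rather than proof of malware.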

Google said in a statement Thursday that it had removed the fraudulent ads and is “continuing to monitor the situation closely.” The company also said it is “committed to ensuring the safety and security of our users and our advertisers,” and is working to remove malware-infected pages from both its ad network and its search results.

Google’s advertising program, which accounted for nearly all of the company’s $10.6 billion in revenue last year, allows anyone to bid online for search terms related to their business. When users search for those terms, the business’ ad appears beside search results. Because the AdWords buying process works with little human supervision, says Exploit Prevention’s Chief Technology Officer Roger Thompson, the system is ripe for abuse. “Google is in a tough position,” says Thompson. “They make it easy for anyone to purchase AdWords. That’s their fundamental business model. But that makes it difficult for Google to filter out the bad guys.”

Exploit Prevention analyzes the Web browsing of about 50,000 users of its software, probing links on Web pages to find viruses or malware. For about two weeks starting April 10, the company detected around 30 instances of the Russian site’s fraudulent link appearing beside Google AdWords. Thompson believes the problem is likely to continue.

“They’ll change the name, move to another Web site and buy more AdWords,” Thompson says. “We can be sure that they’ll be back.”